Secure setuid shell scripts
Chris Torek
chris at mimsy.UUCP
Wed Oct 26 02:33:27 AEST 1988
In article <4483 at bsu-cs.UUCP> dhesi at bsu-cs.UUCP (Rahul Dhesi) writes:
>The set-user-id shell script bug, they say, lies in the semantics of
>the file system itself. Very well: ... Does the same security hole
>exist when a shell, which has been made made set-uid to root, executes
>a set-uid script without the kernel's help?
No. (Gak, this practically gives it away. Oh well, everyone has had
plenty of warning to get rid of setuid or setgid scripts that set to
important IDs.)
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
More information about the Comp.unix.wizards
mailing list